4
Siemens Compliance Protection notice / Copyright notice 2009-10-13 Mark Gough Page 4

Audit and Investigation

Differences:

Audit = control of systems and regulations; lacunas in controls; inferential; consultative

IIA Standards: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Investigation = control of organizational behaviour and ethics; lacunas in ethical and/or moral behaviour; evidentiary; defensive/adversarial and consultative

Investigation is a legally-based, fact-gathering process to identify personal culpability for violations of internal rules, regulations and national laws and make recommendations for sanctions.

5
Audit – Dealing with Fraud (IIA Standards)

1210 - Proficiency

1210.A2 - Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

(IIA International Standards for the Professional Practice of Internal Auditing)

7
The United Nations Model

Internal Audit Division

The internal auditing function is an independent, objective, assurance and advisory activity designed to add value and improve the Organization's operations. Internal audits help the Organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and governance processes.

According to United Nations Financial Regulation 5.15, OIOS is responsible for conducting independent internal audits in accordance with the International Standards for the Professional Practice of Internal Auditing.

Internal audit reports contain recommendations intended to address shortcomings identified while reviewing specific management activities or operational areas. Implementation of the most critical audit recommendations by management is carefully tracked. Programme managers are expected to promptly act on the audit findings and recommendations and to also report to OIOS on the status of implementation. OIOS follows up and monitors its audit recommendations until they are fully implemented.

9
The United Nations Model – Feeding Investigations

Internal Audit Division Manual:

B.3.1.1 Identification of Fraud Indicators - IAD staff shall immediately report to the Director any possible cases of fraud or other major irregularity that comes to their attention, and which may require investigation by the OIOS Investigations Division. In addition to providing the Investigations Division with information and documentation on any such cases, the auditor may, if required, be asked to assist in the investigation itself.

11
The Siemens Model

The mission of Siemens Corporate Audit (CF A) is to add value and improve the worldwide operations and processes of Siemens AG and its Affiliated Companies (Siemens), by independently and objectively evaluating and reporting on Siemens' financial reporting integrity, the effectiveness of risk management and internal control systems, and the adherence to Siemens' compliance policies in a systematic and disciplined manner.

CF A shall conduct – in accordance with an enterprise-wide, risk-based schedule established in agreement with the Managing Board and Audit Committee – the following audits, including, but not limited to: (i) financial audits, (ii) operational audits, (iii) information technology audits, and (iv) compliance audits in coordination with the Chief Compliance Officer. The results of these audits will be reported to the Managing Board and the Audit Committee, as deemed appropriate.

The audits conducted by CF A will meet or exceed the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors.

15
Lessons Learned – Successful Audit and Investigation

Independence of Audit and Investigation:
- Must be real - not perceived
- Must have funding to mirror responsibilities
- Must be able to independently determine audit plan

Management of Audit and Investigation:
- Must be committed to strategic common interest
- Must be audit or legally trained
- Must be open to information sharing (need to know concept)
- Must be investigation savvy